General
-
Target
2912d61c8089d8b1ff37916c6bb6215d5c6a225f5b7890807bfc12756aba29adN.exe
-
Size
190KB
-
Sample
250224-wwmy6axkt2
-
MD5
ffab82dce8027f2c430a421e5df6b9e0
-
SHA1
37765cd8aec52f489afdaa1d52132b6e741988a2
-
SHA256
2912d61c8089d8b1ff37916c6bb6215d5c6a225f5b7890807bfc12756aba29ad
-
SHA512
023080d2ab1591d3c76dd86581937ecba3b09e622ef106e6f9e43c10666843591bc76c48bce3cfe6789a62161d31619eb99bdc92b25eca2a67c73a85a33f9698
-
SSDEEP
3072:ONxCbB1RdMho4wV6Kz68Xn9PjRv5AsbmhB5epRAhogQGWQcdkXu7F6jjD:4xoH/6Kz6Gn5j/XbsB5eah4GzeFaP
Malware Config
Targets
-
-
Target
2912d61c8089d8b1ff37916c6bb6215d5c6a225f5b7890807bfc12756aba29adN.exe
-
Size
190KB
-
MD5
ffab82dce8027f2c430a421e5df6b9e0
-
SHA1
37765cd8aec52f489afdaa1d52132b6e741988a2
-
SHA256
2912d61c8089d8b1ff37916c6bb6215d5c6a225f5b7890807bfc12756aba29ad
-
SHA512
023080d2ab1591d3c76dd86581937ecba3b09e622ef106e6f9e43c10666843591bc76c48bce3cfe6789a62161d31619eb99bdc92b25eca2a67c73a85a33f9698
-
SSDEEP
3072:ONxCbB1RdMho4wV6Kz68Xn9PjRv5AsbmhB5epRAhogQGWQcdkXu7F6jjD:4xoH/6Kz6Gn5j/XbsB5eah4GzeFaP
Score10/10-
Blackshades
Blackshades is a remote access trojan with various capabilities.
-
Blackshades family
-
Blackshades payload
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Create or Modify System Process
1Windows Service
1